<?php
/* ----------------------------------------------------------
--               JacoCMS by Jaco Ruit                      --
-------------------------------------------------------------
--     JacoCMS is Open Source and is licensed under        --
--             GNU General Public Licence v3               --
--          http://www.gnu.org/copyleft/gpl.html           --
-------------------------------------------------------------
--       Please don't remove any text from the footers.    --
-------------------------------------------------------------
-- Credits:   * Jaco Ruit          ~     Scripts,MySQL     --     
-----------------------------------------------------------*/

#important includes
include '../includes/config.php';
include '../includes/database.ext.class.php'; 

# Create the database connection before the remaining class files are included.
# connect() is handed the path of the config file; what it reads from that file is
# not visible here (presumably the connection credentials) - confirm in database.ext.class.php.
# NOTE(review): the result of connect() is not checked on this page. Whether a failed
# connection aborts the request or lets it continue is not visible here - confirm that
# the access checks further down cannot pass when the database is unavailable.
$database = new Database();
$database->connect('../includes/config.php');

#finish includes
include '../includes/core.ext.class.php';
include '../includes/settings.class.php';
include '../includes/user.class.php';
include '../includes/page.class.php';

# Helper objects used by this page:
#   $settings - supplies the website name passed to the template
#   $core     - provides filter(), applied to session and query-string values
#   $user     - validates the session values and performs the admin check
#   $page     - looks up the page that is being edited
# The constructors may depend on the database connection created above and on each
# other's order (not visible here), so the statements are kept in their original order.
$settings = new Settings();
$core = new Core();
$user = new User();
$page = new Page();
# Placeholder markup; every branch that renders the template overwrites it.
$panelcode = "<p>Loading..</p>";


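# Admin "edit page" form.
#
# Flow: resume the session, re-validate the stored login values, require admin
# rights, look up the page named by ?pid=..., then render the edit form through the
# Smarty template "panel.tpl". Anyone without a valid session is redirected to the
# login page.
#
# NOTE(review): $smarty is not created in this file; presumably one of the includes
# sets it up - confirm.
# NOTE(review): the session holds a password-derived value ('jcmspwd'). Whether that
# is a hash or the plaintext password is not visible here - confirm in user.class.php.
session_start();
if (isset($_SESSION['jcmsuname'], $_SESSION['jcmspwd']))
{
	$uname = $core->filter($_SESSION['jcmsuname']);
	$pwd = $core->filter($_SESSION['jcmspwd']);

	# Re-validate the login values stored in the session on every request.
	if ($user->validateCookie($uname, $pwd) == true)
	{
		if (!$user->isAdmin($uname))
		{
			# Authenticated but not an admin: show a denial panel instead of the form.
			$panelcode = '<div id="panelinfo"><p>You do not have permission to view this.</p></div>';
			$title = 'Access Denied';
		}
		else
		{
			if (isset($_GET['pid']))
			{
				$pid = $core->filter($_GET['pid']);
				$exist = $page->checkIfIDExists($pid);
				if ($exist == false)
				{
					$panelcode = '<div id="error"><h3>Invalid Vars</h3></div>';
					$title = "Invalid Vars";
				}
				else
				{
					$arr = $page->getByID($pid);
					$name = $arr['title'];

					# Everything below is written into HTML text or quoted attribute values,
					# so it is HTML-escaped first. Stored page fields and the query-string id
					# are data, not markup: unescaped, a title containing a double quote or
					# content containing "</textarea>" would break out of the form and be
					# interpreted as markup in the admin's browser. The browser decodes the
					# entities again, so the values submitted on save are unchanged.
					# What $core->filter() does is not visible here, so it is not relied on
					# for output encoding.
					# NOTE(review): no charset is passed, so htmlspecialchars() uses PHP's
					# default charset - confirm it matches the encoding the pages are stored in.
					$safePid = htmlspecialchars((string) $pid, ENT_QUOTES);
					$safeTitle = htmlspecialchars((string) $arr['title'], ENT_QUOTES);
					$safeContent = htmlspecialchars((string) $arr['content'], ENT_QUOTES);
					$safeKeywords = htmlspecialchars((string) $arr['keywords'], ENT_QUOTES);

					# NOTE(review): the form carries no anti-CSRF token. Whether the
					# function.editpage handler checks one is not visible here - confirm,
					# since this is a state-changing admin action.
					# The closing </form> tag was missing from the original markup.
					$panelcode = '<div id="form"><form name="editpage" method="post" action="function.editpage-' . $safePid . '">'
						. '<p>Title</p><input type="text" name="title" MaxLength="20" size="20" value="' . $safeTitle . '" /><br />'
						. '<p>Content</p><textarea rows="20" cols="50"  name="content" >' . $safeContent . '</textarea><br />'
						. '<p>Keywords</p><input type="text" name="keywords" MaxLength="200" value="' . $safeKeywords . '" /><br />'
						. '<input type="submit" name="submit" value="Save" /></form></div>';
					$title = "Edit Page";
				}
			}
			else
			{
				# No page id supplied.
				$panelcode = '<div id="error"><h3>Invalid Vars</h3></div>';
				$title = "Invalid Vars";
			}

		}

		# Render the panel template. $panelcode is HTML built above and is presumably
		# output unescaped by panel.tpl - confirm in the template.
		$smarty->assign("page", $title);
		$smarty->assign("webname", $settings->getWebsiteName());
		$smarty->assign("panelcode", $panelcode);
		$smarty->display("panel.tpl");
	}
	else
	{
		# Session values failed validation: drop the session and send the user to login.
		session_destroy();
		header("Location: login");
		# header() does not stop execution; exit so nothing can run after the redirect.
		exit;
	}
}
else
{
	# No login values in the session.
	header("Location: login");
	exit;
}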

?>